The AI Control Plane for Regulated Industries

AI only sees what your policies allow.

Hearth & Alloy builds the control plane that ensures AI systems only receive data your organization has classified, policy-checked, and authorized. Patent-pending Three-Gate architecture, with an immutable audit trail behind every request.

Free PHI AI Readiness Assessment. Three modules, about 30 minutes per employee. Anonymous organizational scorecard. No credit card.

Platform

The Three-Gate Architecture

Most AI safety tools monitor what the AI does after the fact. We stop unauthorized data from reaching the AI in the first place. Every request passes through three sequential checks: what the data is, who is allowed to use it, and where it can safely go. Patent-pending.

GATE 1

Data Reality

Multi-signal detection identifies what the data actually is: HIPAA identifiers, healthcare codes, and domain-extensible markers for other regulated industries. Works on prompts, transcripts, and files.

“Can this data even be touched by AI?”

GATE 2

Purpose & Authority

Policy evaluates user role, task context, and data classification together, before any model invocation. Sensitive values are transformed while meaning is preserved, and an independent verification layer confirms the request is safe.

“Is this user allowed to do this, right now?”

GATE 3

Risk-Based Routing

A composite risk score determines which approved model or provider a request is eligible for, or blocks it entirely. Organization-scoped allowlists and health-aware routing underneath, an immutable record above.

“Where, if anywhere, is this safe to send?”

Front Door

Start with the free PHI AI Readiness Assessment

A three-module diagnostic, about 30 minutes per employee, that produces an anonymized organizational readiness report your CISO can actually use. Baseline-locked scoring, no retake inflation. Individual scores are never shared. Report unlocks once five employees complete.

What it measures

PHI Identification: Can your team recognize protected health information in AI interactions, including the 18 HIPAA identifiers in realistic clinical text?
Safe AI Usage: When is a general-purpose AI appropriate? When is it disqualifying?
Policy Awareness: Do employees know your organization's AI usage policies well enough to apply them in the moment?
Incident Response: When something goes wrong, does your team know what to do, and how fast?

Sample Readiness Report

Organization Baseline: 62%
Identifying PHI: 71%
Safe AI Usage: 58%
Incident Prevention: 49%
Policy Awareness: 68%
Illustrative. Baseline is locked on first completion; retakes track improvement separately so the number your CISO sees reflects what the team actually knew.

First Product

Guardian Health: a production-ready AI Control Plane

Healthcare is our anchor industry. The platform is production-grade and running today.

Product Snapshot
PHI Detected & Redacted
3 entities found: PERSON (2), PHONE_NUMBER (1)
POLICY: Auto-redact

Can you help me draft an email to [REDACTED] about their recent appointment? Their callback number is [REDACTED].

I've prepared a professional follow-up email template:

Subject: Follow-up on Recent Appointment
Dear [REDACTED],
Thank you for visiting our office...
We'll reach out to [REDACTED] as requested.
Response cleared — no PHI exposed to model
PHI Detected • Redacted • AI Response • Logged

What's shipped:

Admin Experience Modes: Managed, Standard, Advanced, Assessment tiers
Employee AI Training Module: 5 industry templates, 26 modules, OB3.0 certificates, SCORM/xAPI export
API Gateway / Proxy: drop-in compliance layer for any app, any major model provider
Browser Extension: side panel, floating button, encrypted session management
Workflow Gallery: pre-built healthcare workflows plus a visual builder
Compliance Command Center: health score, risk events, scheduled PDF reports
White-Label Theming: healthcare, government, legal, finance templates
Configuration Assistant: AI admin that manages policies, simulates rules, flags anomalies
Flexible deployment: subscribe-first SaaS, or run inside your own cloud tenant
HIPAA-aligned • SOC 2 Type II in progress • 7-year immutable audit retention • Deploy in our environment or yours

Keith Williams

Founder

17+ years building secure data systems

Founder's Perspective

Start with the team, not the tool.

AI adoption in regulated industries fails at the people layer long before it fails at the platform layer. Most organizations don't actually know what their teams would do with a ChatGPT tab open and a patient chart on the other screen.

That's why the front door to Guardian Health is a free readiness assessment, not a sales pitch. Admins see an anonymized organizational scorecard (where the gaps are, which modules close them) and only then decide whether the platform underneath is worth a conversation.

The platform itself is the patent-pending Three-Gate control plane: sensitive data never reaches AI systems without being classified, policy-checked, and safely routed, with an immutable audit trail behind every request.

“Measure the team first. Earn the platform conversation second.”
Connect with the Founder →

About

Built for industries where “we'll figure it out” is not an answer

Hearth & Alloy, Inc. builds AI control-plane infrastructure for healthcare, government, legal, and finance. Patent-pending architecture; filings under preparation.

HIPAA-aligned • SOC 2 Type II in progress • Flexible deployment: run in our environment or yours

Get in Touch

Three ways to start

Take the assessment

Free. Three modules, about 30 minutes per employee. Anonymous organizational scorecard unlocks at 5 completions.

Start Assessment

Request a demo

A walkthrough of the Three-Gate pipeline against your real scenarios.

Email Us

Design partner program

Shape the roadmap. Preferred pricing. Direct access to the founder.

Apply